Date: Fri, 6 Jun 2008 20:53:26 +0200 From: Ulrich Spoerlein <uspoerlein@gmail.com> To: Israel Lehnen Silva <israsilva@gmail.com> Cc: hackers@freebsd.org Subject: Re: FreeBSD + LDAP + SAMBA + WINDOWS Message-ID: <20080606185326.GC1646@roadrunner.spoerlein.net> In-Reply-To: <5ce468b90805281511h2729be73l65dccdcfe13ad4db@mail.gmail.com> References: <5ce468b90805281511h2729be73l65dccdcfe13ad4db@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 28.05.2008 at 19:11:06 -0300, Israel Lehnen Silva wrote: > Friends, > > I have the following scenario: > > Server FreeBSD 7.0 Stable authenticating in one basis LDAP through of the > PAM (pam_ldap and nss_ldap) > In same server, have running the SAMBA 3.0.28 authenticating too in > basis LDAP and using the scripts smbldap-tools. > Tool LDAPAdmin for administration of basis LDAP. > > THE PROBLEM: > > When chang the pass of user in basis LDAP trhough of LDAPAdmin, > select th cryptograpy "MD5 Crypt" for the atribuct userPassword > This way, I achieve log in the Windows and FreeBSD by terminal, ssh... > but when chang pass of user by Windows, the cryptograpy of password in > atribuct userPassword > is chanded for SSHA and so not conect in FreeBSD, also just conect in > windows. > > FreeBSD and SAMBA authenticating in LDAP, > and changing the password by own user, not interfering in auth of ssh in > FreeBSD... > Someone implemented??? Hi, I think you have this backwards. At our setup, with active samba password sync users can change their samba{LM,NT}passwords and have their userPassword updated accordingly. Samba will not change the used algorithm, though (we use {CRYPT}, don't ask ...) The other way round though will only update the userPassword and not change the samba{Lm,NT}passwords leading to the old password still being valid for Windows. We're using a small CGI script where our users can change (both) passwords in their browser. Cheers, Ulrich Spoerlein -- It is better to remain silent and be thought a fool, than to speak, and remove all doubt.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080606185326.GC1646>